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ABSTRACT 



An interface between a digital communication system and a 
PSTN establishes a user configurable secure encrypted link 
to a digital subscriber unit through the digital communica- 
tion system, and provides clear (unencrypted) voice to 
telephone sets through the PSTN. The interface includes a 
security module for encrypting and decrypting information 
with user specific algorithms and keys, a transcoder for 
converting modulated voice to digital voice and a modem 
for modulating and demodulating data and encrypted voice. 
Accordingly, the wireline interface allows for user specified 
security over a digital wireless portion of an end-to-end 
communication channel. The interface also provides for the 
communication of unencrypted voice followed by secure 
voice or secure data. 

20 Claims, 3 Drawing Sheets 
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RADIO WIRELINE INTERFACE AND present invention performed for calls initiated within an 

METHOD FOR SECURE COMMUNICATION analog network; and 

FIFT nOFTHF INVENTION FIGS * 5-6 m P° rtions of the communication procedure 

MbLD OF IHb INVLN I ION Qf nG 3 ^ accordance ^ a preferred embodiment of the 

This invention relates in general to the field of secure 5 present invention, 

communication, in particular to secure communication The exemplification set out herein illustrates a preferred 

between digital and analog communication systems. embodiment of the invention in one form thereof, and such 

BACKGROUND OF THE INVENTION exemplification is not intended to be construed as limiting in 

i ^ . •** ~" any manner. 

One problem with today's wireless communication sys- 10 

terns is security of the information communicated over radio DETAILED DESCRIPTION OF THE DRAWINGS 

frequency (RF) links. Typical digital systems that provide In accordance ^th the preferred embodiments of the 

some secunty, for example, encrypt the air interface between present inventioD> a ^nhs* interface provides an interfaced 

a mobile handset and a base station. The terrestrial portion between a di m communication system an d a PSTN and/or! i 
of the connection is not encrypted so end-to^end security is I5 rtrusted PBX , The present invention provides for establishing i 

not provided. These digital networks that provide security, »■ a secure link ^ a digital unit through the digital : 

do not allow for the use of user specific secunty. For communication system. The present invention, in one 1 

example, digital systems that use standard encryption embodiment, provides "clear (unencrypted) voice to tele- i 

algorithms, such as GSM s A3/A8 encryption algorithm, do phone ^ through the psm m pfesent invention pro J i 

not support substitution of these standard algorithms with 20 videg for the uge of usef specified security over a digital ' 

custom or user specific algorithms. Accordingly, customers wirgless portion of an end . (0 . end communication channel] f 

must rely on the standard encryption algorithms provided by fhT^mirTvention also allows for the communication of 

the network with reduced confidence and the risk that the voice foUowed by data> and permits clear calls t0 be trans^ 

security may be compromised. formed into secure calls. TnT^Te^e^^uv^ion^lIso 

Another problem with existing digital networks is that 25 provides, in another embodiment, for end-to-end encryption 

calls originally in clear-voice mode can not be transferred m Edition to any encryption provided over the air by the 

easily to secure voice or data mode without establishing a digital communication system. The present invention also 1 , 

new link through the network. Another problem with exist- provides for the connection of a digital network to a trusted* 

ing technology is that large organizations do not have the PBSOThe present invention also provides for the connection" 

ability to provide an interworking function between a digital 30 0 f an outside company for providing new communication j 

network and the organization's protected private PBX. The services independent of the digital network service provider, 

organization must connect between the digital network and The present invention also allows for users to turn on and off 

their private PBX through the PSTN. the security. ^ 

Thus what is needed are a method and apparatus for ^ FIG. 1 illustrates a highly simplified diagram of a corn- 
interfacing a digital communication system with the PSTN munication system with which the preferred embodiments of 
and providing secure communications over a digital link. the present invention may be practiced. The communication 
What is also needed is a method and apparatus that allows system comprises digital subscriber unit 220, wireline inter- 
for user specific security through a digital network and f ace 200, analog network 228, analog links 230, digital 
provides for the communication of voice followed by data. communication network 224, digital links 222, and analog 
An apparatus or method that provides for the communica- terminals 232. 

tion of voice followed by the data, for example, has an Wireline interface 200 is a communication device inter- 
advantage of allowing a call to be placed in the clear mode facing between digital communica t ioa network 224 and 
and then converted to an end-to-end secure call. analog network 228, such as a PSTN. Wireline interface 200 
What is also needed are a method and apparatus that 45 comprises elements illustrated in FIG. 2 below for interfac- 
provides an interworking function allowing a large organi- mg communications between digital subscriber unit 220 and 
zation to connect between a digital communication system analog terminals 232. Digital network 224 may comprise 
and the organization's protected private PBX. any digital communication network such as a GSM network, 

BRIEF DESCRIPTION OF THE DRAWINGS an£ ^ ma ^ mc ^ e satellite communication nodes such as 

50 nodes of the Iridium network. Analog terminals 232 include 

The invention is pointed out with particularity in the analog secure and standard data terminals as well as secure 

appended claims. However, a more complete understanding and standard telephone sets. 

of the present invention may be derived by referring to the Di ^ tal subscri5er unit 220 Chides elements to encrypt/ 

detailed description and claims when considered in connec- transmit and receive/decrypt data (e . g . f digitized voice data , 

tion with the figures, wherein like reference numbers refer to 55 facsimile data> computer data eta)j thus p rovidmg for 

similar items throughout the figures, and: either or secure communication through network 

FIG. 1 illustrates a highly simplified diagram of a com- 224. Digital subscriber units 220 include subscriber units 

munication system with which the preferred embodiments of an d terminals for communicating digital information over 

the present invention may be practiced; rf or wireline, and include digital cellular telephones with 

FIG. 2 illustrates a simplified block diagram of a radio 60 encryption capability. Analog terminals 232 are preferably 

wireline interface apparatus in accordance with a preferred standard analog telephone sets, and may also include data 

embodiment of the present invention; terminals, and secure terminals with encryption capability 

FIG. 3 is a simplified flow chart of a communication such as a STU-III. 

procedure in accordance with a preferred embodiment of the Digital subscriber unit 220 produces digital bit streams, 

present invention; 65 Used in conjunction with wireline interface 200, digital 

FIG. 4 is a portion of the communication procedure of subscriber unit 220 establishes a direct digital bit stream 

FIG. 3 in accordance with a preferred embodiment of the channel with wireline interface 200 through digital commu- 
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nication network 224. The direct digital bit stream channel nal modem 208 coupled to the multiplexer within digital 

between digital subscriber unit 220 and wireline interface interface 202. Wireline interface 200 also includes an analog 

200 is referred to as the "digital channel". network interface 212 which couples wireline interface 200 

Analog terminals 232 produce analog signals modulated 10 an ? n ^°J ^'™ rk , suc ^ s a Public switch telephone 
at a carrier frequency suitable for transmission through an 5 netW °* £ S ™> ^°? em 208 converts digital b,t streams 

analog network and over analog links 230 to wireline P r ™ ded b 7 dtgttal interface 202 to analog data modulated 

■ * _r Ann « , ,. , b r ui . • i . i with a earner suitable for transmission on the PSTN. Modem 

interface 200. Analog links 230 are preferably typical tele- 2Q8 ^ demodulates di ^ tal modulaled data received fronj 

phone system lines. Digital subscriber un.t 220 and digital anal ne , work 2n to a $ ita , bj , stream for 

link 222 may be located anywhere, for example, off-shore, ovidin the di ital bit stream to ^ ital mlerface 20 2. 

or may be mobile-land or air-based units. Wireline interface 10 . 4 £ 1AA . . . , . , , 

-ftn ' . . . ... , . Wireline interface 200 also includes security module 206 

200, analog network 228, analog link 230 and analog - .. » j . re /• . j • j , » 

. , r , , P , . . & for receivme encrypted traffic (i.e.. encrypted voice or data) 

terminals 232 are preferably land-based equipment. f ,. . 4 . / r , v \.. J K , - / 

r ' n r from digital interface 202 and providmg decrypted traffic in 

When analog ternnndsJ32_comr^^ digilal form t0 either modem 208 or transcoder 210. Security 

the bit stream producedTythe secure terminal is modulated mo dule 206 also encrypts digital voice received from 

by its internal modem to produce a modulated carrier that transcoder 210 or data from modem 208 and provides an 

may be transmitted via analog link 230. A modulated carrier encrypted signal in a digital bit stream form to digital 

received via analog link 230 is demodulated by the internal interface 202 

modem of the secure terminal to produce a digital bit stream In me ferred embo diment, ^ty module 206 pro- 

that may be processed by the secure terminal Signals vid&s user . specific security which is determined between 

communicated via analog links 230 are modulated earners 200 and di ital subscriber unit 220, 

white signals communicated via digital communication net- instcad of netWQrk ^ whkh fof fc wouM bc 

work 224 and digital links 222 are digital bit streams same for all users of digital network 224 (FIG. 1). In another 

Because there is a direct digital channel between digital cmbodimcal> thc user mc bctwcca ^ iinc 

subscriber unit 220 and wireline interface 200 digital sub- interface 20Q and d{ ^ { briber unit 220 is in addition to 

scriber unit 220 uses a modem internal to wireline interface sccuri icaU indudcd ^ ^ netWQrk 

200 to communicate over analog network 228 to secure 224 Securit moduJe 2Q6 efera51 ovides> for exa le> 

terminals A suitable modem training procedure may be v s Governmcnt ty { sccurit and includcs ^ ific 

found in U.S. Pat. No. 5,504,802 which is assigned to same al ithms such as STU .„ If DES> RC 4, etc. Transcoder 210 
assignee as the present invention and herein incorporated by 3o functions M a VQCodcr and COQVcrts digital vo{ce 

reference. eithcr ff0m digital i„ tcr f acc 202 or security module 206 to 
Wireline interface 200 also allows a channel to be estab- . modulated voice suitable for transmission through the 

lished between wireline interface 200 and a standard tele- PSTN. Suitable transcoders, for example, are LPC-10 

phone set. The end-to-end communication channel com- transcoders. Transcoder 210 also converts modulated voice 
prises a secure communication channel between digital 35 from the PSTN received through analog network interface 

subscriber unit 220 and wireline interface 200 (the digital 212 to a digitized voice and provides the digitized voice in 

channel), and, for example, a non-secure communication b i t stream form to either security module 206 or to digital 

channel between wireline interface 200 and telephone set interface 202. 

through the PSTN. Wireline interface also allows an end- Controller 204, which is coupled to digital interface 202, 
to-end secure communication channel to be established 4Q modem 2 08, security module 206, transcoder 210, and 

between digital subscriber unit 220, and analog terminals analog network mterface 2 12, performs the control functions 

232. 0 f wireline interface 200 and instructs these elements of 

Although FIG. 1 illustrates analog network 228 coupled wireline interface 200 to perform, among other things, the 

between wireline interface 200 and analog terminals 232, in tasks described below. Controller 204 preferably includes 
another embodiment of the present invention, wireline inter- 45 processors, memory and embedded instruction sets for per- 

face 200 may couple directly with many analog networks, or forming such tasks. Controller 204 may also receive instruc- 
with one or more terminals 232 or telephone sets. In another 1 tions from outside of wireline interface 200. 

embodiment of the present invention, referred to as the^ FIG. 3 is a simplified flow chart of a communication 

trunked embodiment, a plurality or wireline interfaces 200 ' J - * J *^ *- — J — J - *^ 



are grouped together to form a pool of communication 
resources and are connected to a private switch or PBX 229 
to provide personal interworking functions (I WF) to a group 
of users with seoire^an^Qr^tandaic^^ In this 

embodiment, analog network 228 may be a private network . 
within a large organization such as a company. This embodi-p 
ment is preferred for providing services to groups of users 
who can share the cost and benefit from a fixed solution. 



procedure in accordance with a preferred embodiment of the 
50 present invention. In the preferred embodiment of the 
present invention, communication procedure 100 is 
performed, for example, by the radio wireline interface 
(FIG. 2). The tasks of communication procedure 100 are 
preferably performed by controller 204 in conjunction with 
55 the other elements of wireline interface 200. In task 102, a 
digital subscriber unit initiates a call to the wireline inter- 
face. Preferably the digital subscriber unit calls a telephone 



FIG. 2 illustrates a simplified block diagram of a radio number that is associated with the wireline interface on the 
wireline interface apparatus in accordance with a preferred digital network. The wireline interface preferably operates 
embodiment of the present invention. Wireline interface 200 60 from the network's perspective, like a digital handset within 
includes a digital interface 202 for communicating a modu- a digital communication network, such as network 224 (FIG, 
lated digital bit stream over a digital communication link 1). In task 104, the wireline interface and the digital sub- 
established with a digital communication system. Digital scriber unit establish a digital communication channel or 
interface 202 includes an internal multiplexer under the link through the digital communication network. In a pre- 
control of controller 204. Digital interface 202 includes 65 ferred embodiment of the present invention, the digital 
hardware for communicating over RF and wireline digital subscriber unit and wireline interface establish a encrypted 
networks 224. Wireline interface 200 also includes an inter- digital link through the communication network, desirably 
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with user specific encryption. In this embodiment, task 104 the analog network. Encrypted data or voice is received from 

includes the tasks of determining encryption algorithms and the digital subscriber unit through the digital communication 

appropriate encryption keys for the establishment of the network at the wireline interface. In one embodiment of the 

encrypted digital channel. Preferably, the keys and/or the present invention, when task 104 established an encrypted 

algorithms are unique to the wireline interface and the 5 digital link with the digital subscriber unit, task 122 may 

digital subscriber unit. include the steps of terminating that encrypted digital link 

In task 106, the digital subscriber unit provides a network and determining if preferably different encryption algo- 

number in the analog network (e.g., a PSTN phone number) rithms and keys for a secure end-to-end channel. Thus, a 

for the called party. In the preferred embodiment, once task new encrypted digital link would be established. 

104 is completed, the wireline interface provides a dial tone 1Q The encrypted data or voice received over the digital link 

to the digital subscriber unit prior to the digital subscriber which is converted to a digital bit stream, is modulated with 

unit sending PSTN number to the wireline interface. In a modem in task 126. In task 128, the modulated encrypted 

response to receiving the PSTN number from the digital data or voice is provided to the PSTN connection to the 

subscriber unit, the wireline interface rings the called party called party. The called party, using a secure terminal, for 

by dialing the telephone number of the called party in the example, demodulates the modulated encrypted voice with 

PSTN. The wireline interface waits for the called party to 15 its internal modem and decrypts the demodulated encrypted 

answer and in task 108, once the called party answers, a voice before converting the digital voice to modulated voice 

connection is established between the wireline interface and in its internal vocoder. 

the called party through the PSTN. Task 124 i s an optional task and is not performed when 

When a request to communicate secure voice over the air 2Q secure voice or secure data are communicated between a 

only is received, task 110 instructs procedure 100 to per- digital subscriber unit and a secure voice or data terminal 

forms tasks 114-118. Tasks 114-118 are performed when with encryption capability. Task 124 is desirably performed 

security through the PSTN is not required. The performance when secure data is communicated over the air (i.e., only 

of tasks 114-118 provides security through the digital net- secure through the digital network). In this case, task 124 

work but does not provide end-to-end security. 25 decrypts the encrypted data received through the digital 

For example, when the called party in the analog network communication network, task 126 modulates the decrypted 

does not have a secure phone with encryption capability and (clear) data and task 128 provides the modulated data over 

a request is received from either party to communicate the PSTN. Accordingly, task 124 is generally not performed 

secure voice over the digital link, tasks 114 through 118 are when communicating through the PSTN with secure 

performed. In the embodiment when task 104 did not 3Q terminals, such as a STU-III terminal, 

establish an encrypted digital link, (e.g., an unencrypted Thus, through the performance of tasks 122, 126 and 128, 

digital link has been established) task 114 includes the steps secure voice or data may be communicated from a digital 

of establishing an encrypted digital link between digital handset, such as digital subscriber unit 220 (FIG. 1), through 

handset 220 and wireline interface 200. To establish this a digital communication network, such as digital commu- 

encrypted digital link, task 114 includes the steps of deter- 35 nication network 224 (FIG. 1) through wireline interface 

mining encryption algorithms and encryption keys which are 200 (FIG. 1) to a secure voice or data terminal through the 

preferably specific to the digital subscriber unit. In task 114, PSTN. 

encrypted digital voice is received at the wireline interface Alternatively, through the performance of tasks 122, 124, 

over the communication link from the digital subscriber 126, and 128, secure data may be communicated from a 

unit. Task 114 decrypts the received encrypted digital voice 4Q d i gita i handset or terminal, such as digital subscriber unit 

and provides decrypted digital voice. In the preferred 220 (FIG. 1), through a digital communication network, 

embodiment, task 114 is performed, at least in part, by a SUCD as digital communication network 224 (FIG. 1) to 

security module within the wireline interface. wireline interface 200 (FIG. 1), and clear, unencrypted data 

In task 116, the decrypted digital voice is converted to may be communicated between wireline interface 200 and a 

modulated voice suitable for transmission through the 4S data terminal in the PSTN. 

PSTN. In the preferred embodiment, task 116 is performed i 0 tne preferred embodiment of the present invention, 

by a vocoder. In task 118, the modulated clear voice is either the called party in the PSTN or the party operating the 

provided to the called party through the PSTN. digital subscriber unit in the digital communication network 

Tasks 114-118 describe a secure communication of voice may request secure voice communication. In the case of a 

through a digital network, such as digital communication 50 standard telephone, a predetermined dialed code, for 

network 224 (FIG. 1) and the clear (not encrypted) commu- example, such as "*1" may be used to indicate to the 

nication of the voice between the wireline interface 200 wireline interface, that the parties wish to communicate 

(FIG. 1) and a standard telephone set over analog network secure voice. Other codes may be used request for requests 

228 (FIG. 1). for communication of data, secure data over the air, or 

When a request to communicate secure voice over the air 55 end-to-end secure communication of either voice or data. In 

only is not received, task 110 instructs procedure 100 to one embodiment of the present invention, where task 104 

performs task 120. When a request for communication of establishes an encrypted digital link between the subscriber 

data is received, or a request to communicate secure data unit and the wireline interface, the wireline interface may 

over the air is received, or a request for end-to-end secure receive an encrypted network number from the digital 

communication of either voice or data is received, task 120 60 subscriber unit. In this embodiment, wireline interface per- 

instructs the procedure to perform tasks 122-128. For forms the steps of decrypting the received PSTN number, 

example, when the wireline interface receives a request for converting the network number from digital to correspond- 

secure data or voice communication with a secure terminal ing DTMF tones and providing the corresponding tones to 

with encryption capability, tasks 122, 126 and 128 are the analog network to establish the connection through the 

performed. 65 analog network to the called party (tasks 106 and 108). 

In task 122, a modem within the wireline interface trains Tasks 114 through 128 have been described with respect 

with a modem of the secure phone or data terminal through to information received through the digital communication 
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network from the digital subscriber unit. However, similar 
tasks are performed for information received from the 
analog network for subsequent transmission to the digital 
subscriber unit. This is described below. 

Although procedure 100 is described for calls initiated by 5 
a digital subscriber unit within the digital communication 
network, the present invention is equally suitable for calls 
initiated from terminals and telephones through an analog 
network. FIG. 4 is a portion of communication procedure 
100 (FIG. 3) in accordance with a preferred embodiment of 10 
the present invention performed for calls initiated within the 
analog network. Tasks 302 through 308 are performed in 
lieu of tasks 102-108 of procedure 100. For example, when 
the calling party is located within the analog network, the 
calling party dials a network number associated with wire- 15 
line interface 200 (FIG. 1). In task 302, the wireline interface 
(WI) answers the call and in task 304 provides a dial tone to 
the calling party in the analog network. The number asso- 
ciated with a digital subscriber unit in the digital commu- 
nication system is dialed by the telephone set and received 20 
by the wireline interface in task 306. In task 308, a digital 
channel is established between the wireline interface and the 
digital subscriber unit. The digital channel may be a secure 
link as described in task 104 above. The remaining tasks of 
procedure 100 are performed as discussed above. 25 

FIGS. 5-6 are portions of communication procedure 100 
(FIG. 3) in accordance with a preferred embodiment of the 
present invention. The portions of communication procedure 
100 shown in FIGS. 5-6 are performed for communication 
information received from the analog network at a wireline 30 
interface. Wireline interface 200 (FIG. 2), for example, is 
suitable for performing these tasks. 

When a request to communicate secure voice over the air 
only (e.g., the digital communication network) is received, 
tasks 314, 316, and 318 are performed either in lieu of or in 35 
addition to tasks 114, 116, and 118 (FIG. 3) for modulated 
voice received through the analog network. In this 
embodiment, secure voice is not communicated through the 
analog network. In task 314, the wireline interface receives 
an analog voice signal from the called party through the 40 
analog network. This analog voice signal is typically modu- 
lated voice provided by a typical telephone set. In task 314, 
a vocoder within the wireline interface converts the modu- 
lated voice to a digital bit stream (digital voice). When 
encryption is enabled in the wireline interface, the digital 45 
voice is encrypted in task 316. In task 318, the encrypted 
digital voice is transmitted through the digital communica- 
tion system over the established digital link to the digital 
subscriber unit. The digital subscriber unit includes means 
for decrypting received digital voice and a vocoder for 50 
converting the decrypted digital voice to an analog form 
suitable for being provided to a speaker. Accordingly, 
encryption over the air portion of the end-to-end channel is 
provided. 

When a request for communication of data is received, or 55 
a request to communicate secure data over the air is 
received, or a request for end-to-end secure communication 
of either voice or data is received, task 120 instructs the 
procedure to perform tasks 324, 326, and 328 in lieu of tasks 
124, 126, and 128 (FIG. 3) for data or secure voice received 60 
through the PSTN. In this embodiment, end-to-end channel 
encryption may be provided. The wireline interface receives 
modulated data (e.g., encrypted voice, encrypted data, or 
unencrypted data) from the called party through the PSTN. 
In task 324, the data is demodulated, preferably by a modem 65 
within the wireline interface. In one embodiment of the 
present invention, where unencrypted data is demodulated in 



task 324, optional task 326 may encrypt the demodulated 
data. Task 328 transmits the data to the digital handset 
through the digital communication system over the estab- 
lished digital link. 

When encrypted voice or encrypted data demodulated in 
task 324 is received from a secure terminal such as a 
STU-III, task 326 is not performed and the demodulated 
encrypted voice or encrypted data is transmitted in task 328 
to the digital handset. Accordingly, end-to-end channel 
encryption is provided. 

In summary, the present invention provides, among other 
things, for the communication of 1) secure voice over the air 
described in tasks 114-118, and 314-318; 2) secure data 
over the air described in tasks 122-128 and 324-328; and 3) 
end-to-end secure voice or end to end secure data described 
in tasks 122, 126, 128, 324 and 328. The communication of 
clear or secure voice may be followed by the communication 
of data. 

Thus, a radio wireline interface and method of secure 
communication have been described which overcomes spe- 
cific problems and accomplishes certain advantages relative 
to prior art methods and mechanisms. The foregoing 
description of the specific embodiments will so fully reveal 
the general nature of the invention that others can, by 
applying current knowledge, readily modify and/or adapt for 
various applications such specific embodiments without 
departing from the generic concept, and therefore such 
adaptations and modifications should and are intended to be 
comprehended within the meaning and range of equivalents 
of the disclosed embodiments. 

It is to be understood that the phraseology or terminology 
employed herein is for the purpose of description and not of 
limitation. Accordingly, the invention is intended to embrace 
all such alternatives, modifications, equivalents and varia- 
tions as fall within the spirit and broad scope of the 
appended claims. 

What is claimed is: 

1. A wireline interface for communicating between a 
digital subscriber unit and an analog network, the wireline 
interface comprising: 

a digital interface for establishing an encrypted digital 
link with the digital subscriber unit through a digital 
communication network, receiving a network number 
of a called party from the digital subscriber unit over 
the encrypted digital link, and receiving encrypted 
digitized voice from the digital subscriber unit over the 
encrypted digital link; 

a security module for decrypting the encrypted digitized 
voice providing decrypted digitized voice; 

a transcoder for converting the decrypted digitized voice 
to analog voice suitable for transmission through the 
analog network; 

a network interface for establishing a connection with the 
called party through the analog network and providing 
the analog voice to the called party; 

wherein the wireline interface is coupled between the 
digital communication network and the analog 
network, and wherein the digital interface receives a 
request to initiate the connection with the analog net- 
work initiated by the digital subscriber unit, the digital 
subscriber unit providing a number of the wireline 
interface to the digital communication network; 

the wireline interface includes a controller for causing the 
digital interface to establish the encrypted digital link; 

wherein the controller includes means for causing the 
digital interface to establish a unencrypted digital link 
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with the digital subscriber unit prior to establishing the 
encrypted digital link, the digital subscriber unit com- 
municating clear voice over the unencrypted digital 
link; and 

wherein the controller has means for receiving a request 5 
to communicate secure voice and prior to the digital 
interface establishing the encrypted digital link, the 
controller receives the request to communicate secure 
voice, and subsequent to establishing the encrypted 
digital link instructs the security module to decrypt 10 
received encrypted digitized voice, and instructs the 
transcoder to provide the analog voice. 

2. A wireline interface as claimed in claim 1 wherein the 
network interface is coupled with a PBX, and wherein the 
analog network comprises a private telephone system, the 15 
PBX providing switching functions for telephones within 
the private telephone system. 

3. A wireline interface as claimed in claim 1 wherein prior 
to establishing the connection through the analog network, 
the controller instructs the security module to decrypt the 2 o 
network number, converts the network number from digital 

to corresponding tones, and instructs the network interface 
to provide the corresponding tones to the analog network. 

4. A wireline interface as claimed in claim 1 wherein prior 

to establishing the encrypted digital link, the controller, 2 s 
through the digital interface, exchanges call set-up informa- 
tion with the digital subscriber unit, determines an encryp- 
tion algorithm and an encryption key specific to the 
encrypted digital link for communicating with the digital 
subscriber unit. 30 

5. A wireline interface as claimed in claim 1 wherein the 
request to communicate secure voice comprises a predeter- 
mined code indicating the request to communicate secure 
voice to the controller. 

6. A wireline interface as claimed in claim 1 further 35 
comprising a modem coupled to the network interface, and 
wherein the network interface establishes the connection to 

a secure telephone with encryption capability, 

the controller instructs the security module to refrain from 

decrypting the encrypted digitized voice, and 40 
the controller instructs the modem to modulate the 

encrypted digitized voice for transmission through the 

analog network. 

7. A wireline interface as claimed in claim 1 wherein 
when the controller receives the request to communicate 45 
secure voice, the controller instructs the transcoder to con- 
vert analog unencrypted voice received from the called party 
through the analog network to digital voice, and instructs the 
security module to encrypt the digital voice with an encryp- 
tion key and an encryption algorithm, and instructs the 50 
digital interface to transmit the encrypted digital voice to the 
digital subscriber unit over the encrypted digital link, the 
encryption algorithm and encryption key being specific to 
the encrypted digital link and the digital subscriber unit. 

8. A wireline interface as claimed in claim 1 further 55 
comprising a modem coupled to the network interface, and 
wherein when the controller receives a request to commu- 
nicate secure data, the controller instructs the digital inter- 
face to receive encrypted digitized data from the digital 
subscriber unit over the encrypted digital link, instructs the 60 
security module to decrypt the encrypted digitized data, and 
instructs the modem to modulate the decrypted digitized* 
data, and instructs the network interface to provide the 
modulated decrypted digitized data to the called party 
through the analog network. 65 

9. A wireline interface as claimed in claim 8 wherein 
when the controller receives the request to communicate 
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secure data, the controller instructs the modem to demodu- 
late unencrypted modulated digitized data received from the 
called party through the analog network, instructs the secu- 
rity module to encrypt the demodulated unencrypted digi- 
tized data, and instructs the digital interface to transmit the 
encrypted demodulated digitized data over the encrypted 
digital link to the digital subscriber unit. 

10. A method of communicating between a digital sub- 
scriber unit and an analog network, the method comprising 
the steps of: 

establishing an encrypted digital link with the digital 
subscriber unit through a digital communication net- 
work; 

receiving a network number from the digital subscriber 
unit through the digital communication network over 
the encrypted digital fink; 

in response to the receiving the network number step, 
establishing a connection with a called party through 
the analog network; 

receiving encrypted digitized voice from the digital sub- 
scriber unit over the encrypted digital link; 

decrypting the encrypted digitized voice to provide 
decrypted digitized voice; 

converting the decrypted digitized voice to analog voice 
suitable for transmission through the analog network; 

providing the analog voice to the called party through the 
analog network; 

wherein the steps of receiving encrypted digitized voice, 
decrypting the encrypted digitized voice, and providing 
the analog voice are performed when a request to 
communicate secure voice is received; 

establishing an unencrypted digital link between the one 
digital subscriber unit; and 

communicating unencrypted voice with the digital sub- 
scriber unit over the unencrypted digital link prior 
receiving the request to communicate secure voice. 

11. A method as claimed in claim 10 further comprising 
the step of receiving, from the digital subscriber unit 
through-the digital communication network, a request to 
initiate a connection with the analog network, the request 
being initiated by the digital subscriber unit providing a 
number of a wireline interface to the digital communication 
network, the wireline interface being coupled between the 
digital communication network and the analog network, and 

wherein the step establishing the encrypted digital link is 
performed by the wireline interface in response to the 
receiving the request to initiate a connection with the 
analog network step. 

12. A method as claimed in claim 10 further comprising 
the step of receiving a request to communicate secure voice 
from either the called party or the digital subscriber unit, the 
request including a predetermined code received through the 
analog network. 

13. A method as claimed in claim 10 wherein when the 
request to communicate secure voice is received, the method 
further includes the steps of: 

receiving analog unencrypted voice from the called party 

through the analog network; 
the converting the analog unencrypted voice to digital 

voice; 

encrypting the digital voice; and 
transmitting the encrypted digital voice to the digital 
subscriber unit over the encrypted digital link. 

14. A method as claimed in claim 10 wherein when a 
request to communicate secure data is received, the method 
includes the steps of: 



08/03/2004, EAST Version: 1.4.1 



US 6,356, 

11 

receiving encrypted digitized data from the digital sub- 
scriber unit through the digital communication net- 
work; 

decrypting the encrypted digitized data; 
modulating the decrypted digitized data; and 5 
providing the modulated decrypted digitized data to the 
called party through the analog network. 

15. A method as claimed in claim 14 wherein when the 
request to communicate secure data is received, the method 1Q 
further includes the steps of: 

receiving unencrypted modulated digitized data from the 

called party through the analog network; 
demodulating the unencrypted modulated digitized data; 
encrypting the demodulated digitized data; and 15 
transmitting the encrypted demodulated digitized data 

over the encrypted digital link to the digital subscriber 

unit. 

16. A method as claimed in claim 10 wherein the estab- 
lishing the connection through the analog network step 20 
establishes a connection to a secure telephone with encryp- 
tion capability, the method includes the steps of: 

refraining from performing the decrypting the encrypted 
digitized voice step; and 25 

modulating the encrypted digital voice for transmission 
through said analog network. 

17. A method as claimed in claim 16 wherein the receiv- 
ing the network number step includes the steps of: 

decrypting the network number; 30 
converting the network number from digital to corre- 
sponding tones; and 
providing the corresponding tones to the analog network 
to establish the connection through the analog network. 

18. A method as claimed in claim 17 wherein the estab- 35 
lishing the encrypted digital link step includes the step of: 

exchanging call set up information with the digital sub- 
scriber unit; 

determining an encryption algorithm; and 40 
determining an encryption key. 
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19. A method of communicating between a digital sub- 
scriber unit and an analog network, the method comprising 
the steps of: 

establishing a digital link with the digital subscriber unit 
through a digital network; 

receiving a network number from the digital subscriber 
unit through the digital network over the digital link; 

in response to the receiving the network number step, 
establishing a connection with a called party through 
the analog network; 

receiving digitized voice from the digital subscriber unit 
over the unencrypted digital link; 

converting the digitized voice to analog voice for trans- 
mission through the analog network; 

providing the analog voice to the called party through the 
analog network; 

receiving a request to communicate secure voice; 

determining an encryption key and encryption algorithm 
for communicating through the digital network; 

establishing an encrypted digital link with the digital 
subscriber unit through the digital network; 

receiving encrypted digitized voice from the digital sub- 
scriber unit over the unencrypted digital link; 

decrypting the encrypted digitized voice to provide 
decrypted digitized voice; 

converting the decrypted digitized voice to decrypted 
analog voice for transmission through the analog net- 
work; and 

providing the decrypted analog voice to the called party 
through the analog network. 

20. A method as claimed in claim 19 further comprising 
the steps of: 

establishing a connection to a secure telephone with 
encryption capability through the analog network; 

refraining from performing the decrypting the encrypted 
digitized voice step; and 

modulating the encrypted digitized voice for transmission 
through the analog network to the secure telephone, 

* * * * * 
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